-1

I am planning to implement a service to test the spam detection capabilities of modern email clients, as well as webmail services like Gmail, Hotmail...

The project is in a very early state and I am actually just figuring out which techniques may be the best, or finding a way to do that.

My actual plan is: setting up a local mail server which receives a bundle of spam mails. It forwards the mails with original headers (so the receiver thinks the mail was sent directly) to my accounts on various platforms. Then I'm planning to download the mails which were not detected to calculate the result of detection.

The problem might be that my IP (of the sending SMTP server) will be on most blacklists after a short time. Does anybody have suggestions to circumvent this problem?

Please do not discuss how I will get the spams, or how I will extract the results. This thread should only be about sending emails.

Please do not judge me as a spammer, of course there will be no abuse of the system. This is for research purposes only!

Thanks for suggestions!

nobody
  • 1
    There cannot be a static answer to this, because providers change their spam filters, and occasionally their internal email topology and logic, over time. I'm nominating for closing as too broad, but it's also not strictly programming related. – tripleee Feb 09 '14 at 15:57

1 Answer

1

Avoiding being blacklisted won't be possible unless:

  • the targeted mail server is poorly protected and doesn't react when bombarded by spams from a single IP address
  • you control a botnet that you can use to send emails from many different IPs (basically, you're a spammer ;)
  • you agree with the mail server administrator that you're going to test its server, so that he whitelists your ip/domain

If avoiding blacklists was easy, all spammers would do it :) I worked on a mail filtering solution. To promote it, a web site evaluating the security of any mail server was developed. Measuring the spam filter efficiency was considered, but eventually given up. The reasons why may be useful to you:

Defining what is a spam is not so easy: A mailing list may be legitimate for a user, and a spam for another one. Hence, measuring catch rate is not as simple as one may think.

Most of the filtering today is based on sender IP reputation: our customers' mail filters blocked on average 70% of all incoming SMTP connections (and up to 90%!). A measure of a spam filter's effectiveness based only on content analysis wouldn't be representative.

We participated in a spam filter contest held by VirusBulletin. To emulate the connection level filtering, VirusBulletin was adding to its test emails a custom header giving the original sender IP address, and our spam filter was tweaked to use this header as the real sender IP address.

On a side note, with IPv6 (eventually) coming, IP blacklists will have a hard time collecting all spamming addresses (think botnets), and content analysis may become critical again.

Connection level restrictions prevent sending many test emails quickly: to prevent DDOS attacks, most mail servers will slow down your connection rate so that you can't open too many connections per second, or send too many messages per connection. You won't be able to quickly send a bunch of spams.

Modern spam filters adjust to recipient behaviour: for example, if you write a message to john@doe.com, all future messages from john@doe.com may be whitelisted (unless harmful). But the same messages from a different sender may be blocked as spam. So, to evaluate the efficiency of a spam filter, you need to know exactly how the recipient test address is protected, and eventually to disable some filtering features. Another example is language filtering, where the spam filter blocks all messages that are not in the recipient language(s).

I hope this will help!

Nicolas Riousset
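The test-header arrangement described in the answer above, sketched from the filter's side as an added example that is not part of the original post or any vendor's code: the filter takes the sender IP from a custom header only when the connection comes from the agreed evaluation harness, then builds the DNSBL lookup name for IPv4 or IPv6. The header name `X-Test-Original-IP`, the zone `dnsbl.example`, the harness address and the sample messages are all assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_string

TEST_HEADER = "X-Test-Original-IP"  # hypothetical header name (assumption)
DNSBL_ZONE = "dnsbl.example"        # placeholder zone (assumption)
HARNESS_IPS = frozenset({ipaddress.ip_address("192.0.2.10")})  # constructed

def effective_sender_ip(raw_message, connection_ip, harness_ips=HARNESS_IPS):
    """Return the IP address to use for reputation checks.

    The test header is honoured only for connections from the evaluation
    harness; from anyone else it is ignored, since it would let a sender
    claim an arbitrary clean address.
    """
    conn = ipaddress.ip_address(connection_ip)
    if conn not in harness_ips:
        return conn
    values = message_from_string(raw_message).get_all(TEST_HEADER, [])
    if len(values) != 1:            # missing or duplicated header: ignore it
        return conn
    try:
        return ipaddress.ip_address(values[0].strip())
    except ValueError:              # malformed value: fall back
        return conn

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

# Constructed sample messages (documentation address ranges only).
SAMPLE_V4 = "X-Test-Original-IP: 203.0.113.45\nSubject: test 1\n\nbody\n"
SAMPLE_V6 = "X-Test-Original-IP: 2001:db8::1\nSubject: test 2\n\nbody\n"
SAMPLE_BAD = "X-Test-Original-IP: not-an-ip\nSubject: test 3\n\nbody\n"

if __name__ == "__main__":
    for raw in (SAMPLE_V4, SAMPLE_V6, SAMPLE_BAD):
        ip = effective_sender_ip(raw, "192.0.2.10")
        print(ip, "->", dnsbl_query_name(ip))
```

The IPv6 case shows why per-address lists scale poorly there: every address expands to 32 nibble labels, and a single host can draw on a very large range of them.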